Sm_AgentApi_Attribute_t
This structure defines information about a response attribute.
sm1252sp1
This structure defines information about a response attribute.
Syntax
This structure has the following format:
typedef struct Sm_AgentApi_Attribute_s{longnAttributeId;longnAttributeTTL;longnAttributeFlags;charlpszAttributeOid[SM_AGENTAPI_SIZE_OID];longnAttributeLen;char*lpszAttributeValue;} Sm_AgentApi_Attribute_t;
Parameters
This structure has the following parameters:
- nAttributeIdID of the response attribute.
- nAttributeTTLThe time-to-live value (in seconds) for the response attribute. The attribute remains in cache for the duration of the TTL value.
- nAttributeFlagsResponse attribute flag. This flag is used in the following session store functions:
- Sm_AgentApi_DelSessionVariables()
- Sm_AgentApi_GetSessionVariables()
- Sm_AgentApi_SetSessionVariables()
- lpszAttributeOidThe response attribute object identifier.
- nAttributeLenThe length of the response attribute.
- lpszAttributeValueThe null-terminated attribute value of a response attribute.
Remarks
The following well-known authentication attributes are returned by Sm_AgentApi_Login() and referenced in the nAttributeId field of the Sm_AgentApi_Attribute_t structure:
- SM_AGENTAPI_ATTR_AUTH_DIR_OIDThe Siteminder object id of the directory where the user was authenticated. This is the internal object id assigned to theCA Single Sign-Onuser directory.
- SM_AGENTAPI_ATTR_AUTH_DIR_NAMETheCA Single Sign-On"name" specification of the directory where the user was authenticated. This is the directory name specified in theCA Single Sign-OnUser Directory Dialog.
- SM_AGENTAPI_ATTR_AUTH_DIR_SERVERTheCA Single Sign-On"server" specification of the directory where the user was authenticated. This is the directory server specified in theCA Single Sign-OnUser Directory Dialog.
- SM_AGENTAPI_ATTR_AUTH_DIR_NAMESPACETheCA Single Sign-On"namespace" specification of the directory where the user was authenticated. This is the directory namespace (LDAP:, ODBC:, WinNT:, AD:) as specified in theCA Single Sign-OnUser Directory Dialog.
- SM_AGENTAPI_ATTR_USERMSGThe text presented to the user as a result of authentication. Some authentication schemes supply challenge text or a reason why an authentication has failed. A value for this attribute can be provided through thelpszUserMsgparameter of SmAuthenticate().
- SM_AGENTAPI_ATTR_USERDNThe user’s distinguished name as recognized byCA Single Sign-On.This attribute is also used in single sign-on operations.
- SM_AGENTAPI_ATTR_USERUNIVERSALIDThe user’s universal id, as set in the user directory.
- SM_AGENTAPI_ATTR_IDENTITYSPECThe user’s identity ticket.CA Single Sign-Onreturns this if the user tracking feature has been enabled.
The following well-known attributes are used in single sign-on operations and referenced in the nAttributeId field of the Sm_AgentApi_Attribute_t structure:
- SM_AGENTAPI_ATTR_USERDNThe user’s distinguished name.
- SM_AGENTAPI_ATTR_SESSIONSPECThe session specification returned from the login call.
- SM_AGENTAPI_ATTR_SESSIONIDThe session ID returned from the login call.
- SM_AGENTAPI_ATTR_USERNAMEThe user’s name.
- SM_AGENTAPI_ATTR_CLIENTIPThe IP address of the machine where the user initiated a request for a protected resource.
- SM_AGENTAPI_ATTR_DEVICENAMEThe name of the agent that is decoding the token.
- SM_AGENTAPI_ATTR_IDLESESSIONTIMEOUTMaximum idle time for a session.
- SM_AGENTAPI_ATTR_STARTSESSIONTIMEThe time the session started after a successful login.
- SM_AGENTAPI_ATTR_LASTSESSIONTIMEThe last time that the SMSESSION token in the cookie was updated (by an agent or by the Agent API using CreateSSOToken or DecryptSSOToken).
- SM_AGENTAPI_ATTR_SSOZONESpecifies the designation of the SSO zone name, which you provide when you call the Sm_AgentApi_CreateSSOToken method. If you do not specify a zone name, the default is "SM." You can read this value in the in the attribute list returned by the Sm_AgentApi_DecodeSSOToken method.
The following well-known management attributes are returned by Sm_AgentApi_DoManagement() and referenced in the nAttributeId field of the Sm_AgentApi_Attribute_t structure:
- SM_AGENTAPI_AFFILIATE_KEY_UPDATEInstructs the agent to update the name of the affiliate agent.
- SM_AGENTAPI_AGENT_KEY_UPDATE_NEXTInstructs the agent to update its "next" Agent key. The value contains 24 bytes of binary data.
- SM_AGENTAPI_AGENT_KEY_UPDATE_LASTInstructs the agent to update its "last" Agent key. The value contains 24 bytes of binary data.
- SM_AGENTAPI_AGENT_KEY_UPDATE_CURRENTInstructs the agent to update its "current" Agent key. The value contains 24 bytes of binary data.
- SM_AGENTAPI_AGENT_KEY_UPDATE_PERSISTENTInstructs the agent to update its static (persistent) Agent key. The value contains 24 bytes of binary data.
- SM_AGENTAPI_CACHE_FLUSH_ALLInstructs the agent to flush all information in its caches.
- SM_AGENTAPI_CACHE_FLUSH_ALL_USERSInstructs the agent to flush all user information stored in its caches.
- SM_AGENTAPI_CACHE_FLUSH_THIS_USERInstructs the agent to flush all cache information pertaining to a given user. The value contains the following: <user dir oid> / <user dn>.
- SM_AGENTAPI_CACHE_FLUSH_ALL_REALMSInstructs the agent to flush all resource information stored in its caches.
- SM_AGENTAPI_CACHE_FLUSH_THIS_REALMInstructs the agent to flush all resource information pertaining to a given realm. The value is a realm OID.